From ccf286e6641184adb6e4bf739c88c6b109466843 Mon Sep 17 00:00:00 2001
From: "David\\ Beitey" <david@davidjb.com>
Date: Wed, 3 Oct 2012 10:09:34 +1000
Subject: Clarify documentation for pyramid.session.check_csrf_token function

---
 pyramid/session.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pyramid/session.py b/pyramid/session.py
index 3b2834693..a5e6a8d3a 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -83,8 +83,9 @@ def signed_deserialize(serialized, secret, hmac=hmac):
 
 def check_csrf_token(request, token='csrf_token', raises=True):
     """ Check the CSRF token in the request's session against the value in
-    ``request.params.get(token)``.  If ``token`` is not supplied, the string
-    value ``csrf_token`` will be used as the token value.  If the value in
+    ``request.params.get(token)``.  If a ``token`` keyword is not supplied
+    to this function, the string ``csrf_token`` will be used to look up
+    the token within ``request.params``.  If the value in
     ``request.params.get(token)`` doesn't match the value supplied by
     ``request.session.get_csrf_token()``, and ``raises`` is ``True``, this
     function will raise an :exc:`pyramid.httpexceptions.HTTPBadRequest`
-- 
cgit v1.2.3